Security flaws in Ivanti’s VPN products could have allowed cybercriminals to breach at least five federal agencies according to an investigation carried out by the US Department of Homeland Security (DHS).
DHS’ Cybersecurity and Infrastructure Security Agency (CISA) has been working alongside organizations that have been targeted by hackers exploiting vulnerabilities in Ivanti’s Pulse Connect Secure VPN products. The IT software company only recently began offering VPN services to its customers when it acquired Pulse Secure back in September of last year.
In addition to working alongside affected organizations, CISA has also begun requiring federal civilian agencies to run Pulse Secure Connect’s Security Integrity Tool, which was developed by Ivanti’s Product Security Incident Response Team, to ensure the integrity of their software.
Deputy executive assistant director at CISA, Matt Harman provided further details on how the agency is working with organizations to verify the integrity of their VPN software in a statement to Bloomberg, saying:
“CISA is aware of at least five…